One of the best things about the Google Chrome browser is the wide variety of extensions at your disposal. These extensions can go a long way in making your web browsing experience better. However, as we’ve seen in the past, extensions can be malicious, and Google isn’t always quick to catch them. Recently, Google removed 70 such extensions, but not before they were downloaded 32 million times.
According to a report by Reuters, researchers at Awake Security discovered a large spyware campaign through Chrome extensions. Developers of the extensions disguised their identities with false information and the tools were designed to circumvent antivirus software. The extensions were able to send user data and browsing history through a network of more than 15,000 malicious domains, which all happened to be bought from a single registrar in Isreal. The company, called Galcomm, denies having anything to do with the malicious activity.
Since the initial report, Awake Security has published the full list of Chrome extensions that were removed. Most of these extensions were advertised to warn users of questionable websites or convert files. The researchers claim this was the most far-reaching malicious Chrome store campaign to date.
Google has given the typical response to these situations, saying it does routine security sweeps and removes malicious extensions when necessary. This isn’t the first time developers have used Chrome extensions for malicious reasons and it won’t be the last. Google has said it would improve security, but as mentioned, this was the largest campaign to date. The situation doesn’t seem to be improving.
Source: Reuters | Via: Android Police
The post Google removes 70 malicious Chrome extensions that tracked user data and browsing history appeared first on xda-developers.
from xda-developers https://ift.tt/3egXJLL
via IFTTT
Aucun commentaire:
Enregistrer un commentaire